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AMENDMENT TO THE CLAIMS 

The following listing of claims replaces all prior versions. 



1 1 . (Currently Amended) A machine implemented method for securing data in 

2 communications between a client and server using an unencrypted transfer protocol that does 

3 not encrypt a payload defined by the transfer protocol, the method comprising the computer- 

4 implemented steps of: 

5 selecting a subset of data for encryption from a set of data to be communicated 

6 between the client and the server in a particular payload of the unencrypted 

7 transfer protocol; 

8 determining a secret integer that is unique for the subset among a plurality of subsets 

9 in a plurality of payloads, wherein the secret integer associated with the 

10 particular payload is unique relative to secret integers associated with other 

1 1 payloads of the plurality of payloads; 

1 2 bas e d on the subs e t and th e secret int e g e r, g e n e rating encrypting the subset of data 

13 using at least the secret integer to generate encrypted data that is impractical 

14 for a device other than the client and the server to decrypt; and 

1 5 sending, from a sending device of the client and the server to a receiving device of the 

16 client and the server, in the particular payload, the encrypted data and clue 

17 information to determine, only at the client and the server, the secret integer 

1 8 for decrypting the encrypted data. 
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1 2. (Original) A method as recited in Claim 1 , wherein the unencrypted transfer protocol 

2 is Hypertext Transfer Protocol (HTTP). 

1 3. (Original) A method as recited in Claim 1, said step of determining a secret integer 

2 that is unique for the subset further comprising the steps of: 

3 generating a first integer using a random number generator; 

4 determining a shared secret key to be shared with the receiving device based on the 

5 first integer and a first public key associated with the receiving device; and 

6 selecting the secret integer based on the shared secret key. 

1 4. (Original) A method as recited in Claim 3, said step of sending the information to 

2 determine the secret integer further comprising the steps of: 

3 determining a second public key associated with the sending device based on the first 

4 integer; and 

5 including the second public key in the information to determine the secret integer. 



1 5. (Original) A method as recited in Claim 3, said step of sending the information to 

2 determine the secret integer further comprising the steps of: 

3 determining a plurality of second public keys associated with the sending device 

4 based on the first integer, wherein each of the second public keys is associated 

5 with one of a plurality of subsets from the set of data; and 
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6 



including the plurality of second public keys in the information to determine the 



7 



secret integer. 



1 6. (Currently Amended) A method as recited in Claim 3, said step of s e tting selecting 

2 the secret integer further comprising the step of applying a particular hash function to the 

3 shared secret key to generate the secret integer. 

1 7. (Original) A method as recited in Claim 3, said step of generating encrypted data 

2 further comprising the step of performing an exclusive or (XOR) operation between 

3 corresponding bits of the subset and the secret integer to generate the encrypted data. 

1 8. (Original) A method as recited in Claim 1, wherein: 

2 said step of determining the secret integer further comprises the step of applying a 

3 particular hash function a plurality of times to a shared secret key shared with 

4 the receiving device; and 

5 said step of sending the information to determine the secret integer further comprises 

6 the step of storing, as part of the clue information, data that indicates a number 

7 of times the particular hash function has been applied. 

1 9. (Original) A method as recited in Claim 8, said step of determining the secret integer 

2 further comprising the steps of: 

3 determining a first integer formed after the particular hash function is applied the 

4 number of times indicated in the information; 
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5 determining a second integer formed after the particular hash function is applied 

6 fewer times than the number of times indicated in the information; and 

7 performing an exclusive or (XOR) operation between corresponding bits of the first 

8 integer and the second integer. 

1 10. (Original) A method as recited in Claim 8, said step of determining the secret integer 

2 further comprising the steps of: 

3 determining a first integer formed after the particular hash function is applied the 

4 number of times indicated in the information; 

5 determining a second integer formed after a second hash function is applied for the 

6 number of times indicated in the information, wherein the second hash 

7 function is different from the particular hash function that is used to determine 

8 the first integer; and 

9 performing an exclusive or (XOR) operation between corresponding bits of the first 
1 0 integer and the second integer. 

1 11. (Original) A method as recited in Claim 8, further comprising, before said step of 

2 determining the secret integer, performing the steps of: 

3 determining the shared secret key based on a particular communication between the 

4 client and the server; and 

5 storing the shared secret key in a secure data structure. 
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1 12. (Original) A method as recited in Claim 1, wherein the secret integer has a particular 

2 number of bits fixed for all subsets in all payloads communicated during a communication 

3 session between the client and the server. 

1 13. (Original) A method as recited in Claim 1, wherein the secret integer has a number of 

2 bits that varies in accordance with lengths of payloads that are communicated during a 

3 communication session between the client and the server. 

1 14-23. (Canceled) 

1 24. (Currently Amended) A computer-readable medium carrying one or more sequences 

2 of instructions for securing data in communications between a client and server using an 

3 unencrypted transfer protocol that does not encrypt a payload defined by the transport 

4 protocol, which instructions, when executed by one or more processors, cause the one or 

5 more processors to carry out the steps of: 

6 selecting a subset of data for encryption from a set of data to be communicated 

7 between the client and the server in a particular payload of the unencrypted 

8 transfer protocol; 

9 determining a secret integer that is unique for the subset among a plurality of subsets 

10 in a plurality of payloads, wherein the secret integer associated with the 

1 1 particular payload is unique relative to secret integers associated with other 

12 payloads of the plurality of payloads; 
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13 bas e d on th e oubs e t and th e s e cr e t int e g e r, encrypting the subset of data using at least 

14 the secret integer to generate g e n e rating encrypted data that is practically 

15 unintelligible to a device other than the client and the server; and 

16 sending, from a sending device of the client and the server to a receiving device of the 

17 client and the server, in the particular payload, the encrypted data and 

18 information to determine, only at the client and the server, the secret integer 

1 9 for decrypting the encrypted data. 

1 25. (Canceled) 

1 26. (Currently Amended) An apparatus for securing data in communications between a 

2 client and server using an unencrypted transfer protocol that does not encrypt a payload 

3 defined by the transport protocol, comprising: 

4 means for selecting a subset of data for encryption from a set of data to be 

5 communicated between the client and the server in a particular payload of the 

6 unencrypted transfer protocol; 

7 means for determining a secret integer that is unique for the subset among a plurality 

8 of subsets in a plurality of payloads, wherein the secret integer associated with 

9 the particular payload is unique relative to secret integers associated with 

1 0 other payloads of the plurality of payloads; 

1 1 means for encrypting the subset of data using at least the secret integer to generate 

12 gen e rating, bas e d on th e subs e t and the s e cr e t integ e r , encrypted data that is 

1 3 practically unintelligible to a device other than the client and the server; and 
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14 means for sending to a receiving device of the client and the server, in the particular 

15 payload, the encrypted data and information to determine, only at the client 

16 and the server, the secret integer for decrypting the encrypted data. 
1 27. (Canceled) 

1 28. (Currently Amended) An apparatus for securing data in communications between a 

2 client and server using an unencrypted transfer protocol that does not encrypt a payload 

3 defined by the transport protocol, comprising: 

4 a network interface that is coupled to the data network for sending one or more packet 

5 flows thereto; 

6 a processor; 

7 one or more stored sequences of instructions which, when executed by the processor, 

8 cause the processor to carry out the steps of: 

9 selecting a subset of data for encryption from a set of data to be communicated 

10 between the client and the server in a particular payload of the unencrypted 

1 1 transfer protocol; 

12 determining a secret integer that is unique for the subset among a plurality of subsets 

13 in a plurality of payloads, wherein the secret integer associated with the 

14 particular payload is unique relative to secret integers associated with other 

1 5 payloads of the plurality of payloads; 

1 6 bas e d on th e subs e t and the secr e t integer, g e nerating encryptin g the subset of data 

1 7 using at least the secret integer to generate encrypted data that is practically 

1 8 unintelligible to a device other than the client and the server; and 
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19 sending, to a receiving device of the client and the server, in the particular payload, 

20 the encrypted data and information to determine, only at the client and the 

21 server, the secret integer for decrypting the encrypted data. 

1 29. (Canceled) 

2 30. (New) The apparatus of Claim 28, wherein the unencrypted transfer protocol is 

3 Hypertext Transfer Protocol (HTTP). 

1 31. (New) The apparatus of Claim 28, wherein the sequences of instructions that cause 

2 the processor to perform determining a secret integer that is unique for the subset comprise 

3 sequences of instructions which, when executed by the processor, cause the processor to 

4 perform: 

5 generating a first integer using a random number generator; 

6 determining a shared secret key to be shared with the receiving device based on the 

7 first integer and a first public key associated with the receiving device; and 

8 selecting the secret integer based on the shared secret key. 

1 32. (New) The apparatus of Claim 3 1 , wherein the sequences of instructions that cause 

2 the processor to perform sending the information to determine the secret integer comprise 

3 sequences of instructions which, when executed by the processor, cause the processor to 

4 perform: 

5 determining a second public key associated with the sending device based on the first 

6 integer; and 

7 including the second public key in the information to determine the secret integer. 
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1 33. (New) The apparatus of Claim 3 1 , wherein the sequences of instructions that cause 

2 the processor to perform sending the information to determine the secret integer comprise 

3 sequences of instructions which, when executed by the processor, cause the processor to 

4 perform: 

5 determining a plurality of second public keys associated with the sending device 

6 based on the first integer, wherein each of the second public keys is associated 

7 with one of a plurality of subsets from the set of data; and 

8 including the plurality of second public keys in the information to determine the 

9 secret integer. 

1 34. (New) The apparatus of Claim 3 1 , wherein the sequences of instructions that cause 

2 the processor to perform selecting the secret integer comprise sequences of instructions 

3 which, when executed by the processor, cause the processor to perform applying a particular 

4 hash function to the shared secret key to generate the secret integer. 

1 35 . (New) The apparatus of Claim 3 1 , wherein the sequences of instructions that cause 

2 the processor to perform generating encrypted data comprise sequences of instructions 

3 which, when executed by the processor, cause the processor to perform an exclusive or 

4 (XOR) operation between corresponding bits of the subset and the secret integer to generate 

5 the encrypted data. 
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1 36. (New) The apparatus of Claim 28, wherein the sequences of instructions that cause 

2 the processor to perform determining the secret integer comprise sequences of 

3 instructions which, when executed by the processor, cause the processor to perform 

4 applying a particular hash function a plurality of times to a shared secret key shared 

5 with the receiving device; and 

6 wherein the sequences of instructions that cause the processor to perform sending the 

7 information to determine the secret integer comprise sequences of instructions 

8 which, when executed by the processor, cause the processor to perform 

9 storing, as part of the clue information, data that indicates a number of times 
1 0 the particular hash function has been applied. 

1 37. (New) The apparatus of Claim 36, wherein the sequences of instructions that cause 

2 the processor to perform determining the secret integer comprise sequences of 

3 instructions which, when executed by the processor, cause the processor to perform: 

4 determining a first integer formed after the particular hash function is applied the 

5 number of times indicated in the information; 

6 determining a second integer formed after the particular hash function is applied 

7 fewer times than the number of times indicated in the information; and 

8 performing an exclusive or (XOR) operation between corresponding bits of the first 

9 integer and the second integer. 
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1 38. (New) The apparatus of Claim 36, wherein the sequences of instructions that cause 

2 the processor to perform determining the secret integer comprise sequences of 

3 instructions which, when executed by the processor, cause the processor to perform: 

4 determining a first integer formed after the particular hash function is applied the 

5 number of times indicated in the information; 

6 determining a second integer formed after a second hash function is applied for the 

7 number of times indicated in the information, wherein the second hash 

8 function is different from the particular hash function that is used to determine 

9 the first integer; and 

10 performing an exclusive or (XOR) operation between corresponding bits of the first 

1 1 integer and the second integer. 

1 39. (New) The apparatus of Claim 36, further comprising sequences of instructions 

2 which, when executed by the processor, cause the processor to perform the steps of: 

3 before said step of determining the secret integer: 

4 determining the shared secret key based on a particular communication between the 

5 client and the server; and 

6 storing the shared secret key in a secure data structure. 

1 40. (New) The apparatus of Claim 28, wherein the secret integer has a particular number 

2 of bits fixed for all subsets in all payloads communicated during a communication session 

3 between the client and the server. 
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1 41 . (New) The apparatus of Claim 28, wherein the secret integer has a number of bits 

2 that varies in accordance with lengths of payloads that are communicated during a 

3 communication session between the client and the server. 

4 42. (New) The apparatus of Claim 26, wherein the unencrypted transfer protocol is 

5 Hypertext Transfer Protocol (HTTP). 

6 43. (New) The apparatus of Claim 26, wherein the means for determining a secret integer 

7 that is unique for the subset comprises means for: 

8 generating a first integer using a random number generator; 

9 determining a shared secret key to be shared with the receiving device based on the 

10 first integer and a first public key associated with the receiving device; and 

1 1 selecting the secret integer based on the shared secret key. 

1 44. (New) The apparatus of Claim 43, wherein the means for sending the information to 

2 determine the secret integer comprises means for: 

3 determining a second public key associated with the sending device based on the first 

4 integer; and 

5 including the second public key in the information to determine the secret integer. 
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1 45. (New) The apparatus of Claim 43, wherein the means for sending the information to 

2 determine the secret integer comprises means for: 

3 determining a plurality of second public keys associated with the sending device 

4 based on the first integer, wherein each of the second public keys is associated 

5 with one of a plurality of subsets from the set of data; and 

6 including the plurality of second public keys in the information to determine the 

7 secret integer. 

1 46. (New) The apparatus of Claim 43, wherein the means for selecting the secret integer 

2 comprises means for applying a particular hash function to the shared secret key to generate 

3 the secret integer. 

1 47. (New) The apparatus of Claim 43, wherein the means for generating encrypted data 

2 comprises means for performing an exclusive or (XOR) operation between corresponding 

3 bits of the subset and the secret integer to generate the encrypted data. 

1 48. (New) The apparatus of Claim 26, wherein the means for determining the secret 

2 integer comprises means for applying a particular hash function a plurality of times to 

3 a shared secret key shared with the receiving device; and 

4 wherein the means for sending the information to determine the secret integer 

5 comprise comprises means for storing, as part of the clue information, data 

6 that indicates a number of times the particular hash function has been applied. 
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(New) The apparatus of Claim 48, wherein the means for determining the secret 
integer comprises means for: 

determining a first integer formed after the particular hash function is applied the 

number of times indicated in the information; 
determining a second integer formed after the particular hash function is applied 

fewer times than the number of times indicated in the information; and 
performing an exclusive or (XOR) operation between corresponding bits of the first 

integer and the second integer. 

(New) The apparatus of Claim 48, wherein the means for determining the secret 
integer comprises means for: 

determining a first integer formed after the particular hash function is applied the 

number of times indicated in the information; 
determining a second integer formed after a second hash function is applied for the 

number of times indicated in the information, wherein the second hash 

function is different from the particular hash function that is used to determine 

the first integer; and 

performing an exclusive or (XOR) operation between corresponding bits of the first 
integer and the second integer. 
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1 51. (New) The apparatus of Claim 48, further comprising means for: 



2 



determining, before said step of determining the secret integer, the shared secret key 



3 



based on a particular communication between the client and the server; and 



4 



storing, before said step of determining the secret integer, the shared secret key in a 



5 



secure data structure. 



1 52. (New) The apparatus of Claim 26, wherein the secret integer has a particular number 

2 of bits fixed for all subsets in all payloads communicated during a communication session 

3 between the client and the server. 

1 53 . (New) The apparatus of Claim 26, wherein the secret integer has a number of bits 

2 that varies in accordance with lengths of payloads that are communicated during a 

3 communication session between the client and the server. 
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